Ctrl + K
/ news / CVE
CVEPublished 2026-03-041 article on news5 live referencesNVD data

CVE-2026-20131

Vulnerability data via CVEDB (Shodan)

CISA KEVKnown exploited in the wild.Used in ransomware
CISA action: Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
CVSS v3.1
10.0
CRITICAL
EPSS percentile
98
Exploit Prediction Scoring System · top 2% of all CVEs
Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Timeline
Published 2026-03-04

External references

NVDMITREExploit-DBSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-20131
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product + version
product:"Cisco Secure Firewall Management Center" version:"10.0.0"
Version-pinned fingerprint from NVD's first vulnerable CPE.
Shodan · banner/body mention
http.html:"Secure Firewall Management Center"
HTTP body or banner mentions "Secure Firewall Management Center" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-20131
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-20131
Censys host search filtered to this CVE id.
grep.app
CVE-2026-20131
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-20131
GitHub code search for direct mentions.
Google dork
"CVE-2026-20131" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-201318 repos
nomi-sec/PoC-in-GitHubunknown
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
★ 7,850·updated today
ramimac/aws-customer-security-incidentsunknown
A repository of breaches of AWS customers
★ 809·updated 1mo ago
DarkFunct/TK-CVE-RepoPython
TK-CVE-Repo
★ 50·updated 2w ago
MaikCyberSec/Threat-Hunting-unknown
Threat Hunting based on KQL
★ 8·updated 1d ago
sak110/CVE-2026-20131Python
★ 3·updated 3mo ago
YuzeHao2023/daily-arxiv-ai4geoPython
🎓Automatically Update AI4Geo Papers Daily using Github Actions
★ 3·updated today
arxivsub/arXivSub_daily_arxivunknown
Daily arXiv AI summarization powered by arXivSub
★ 2·updated 3d ago
Hassan-Pouladi/Cisco-FMC-honeypotPython
Originally a Honeypot for CVE-2026-20131
★ 1·updated 2mo ago
Articles on news mentioning CVE-2026-20131